Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-FC5W-VWP8-7VM2

Vulnerability from github – Published: 2022-05-02 00:02 – Updated: 2024-02-09 00:31
VLAI
Details

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-3688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-14T22:41:00Z",
    "severity": "MODERATE"
  },
  "details": "sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.",
  "id": "GHSA-fc5w-vwp8-7vm2",
  "modified": "2024-02-09T00:31:33Z",
  "published": "2022-05-02T00:02:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3688"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44467"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/mailarchive/message.php?msg_name=487CDF51.5060201%40endian.com"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31494"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31971"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200809-11.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30697"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020900"
    },
    {
      "type": "WEB",
      "url": "http://www.server-side.de/index.htm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FC6C-WH46-2Q9R

Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-11-04 00:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

nfs: Fix KMSAN warning in decode_getfattr_attrs()

Fix the following KMSAN warning:

CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ===================================================== ===================================================== BUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_generic+0x806/0xb00 nfs4_xdr_dec_getattr+0x1de/0x240 rpcauth_unwrap_resp_decode+0xab/0x100 rpcauth_unwrap_resp+0x95/0xc0 call_decode+0x4ff/0xb50 __rpc_execute+0x57b/0x19d0 rpc_execute+0x368/0x5e0 rpc_run_task+0xcfe/0xee0 nfs4_proc_getattr+0x5b5/0x990 __nfs_revalidate_inode+0x477/0xd00 nfs_access_get_cached+0x1021/0x1cc0 nfs_do_access+0x9f/0xae0 nfs_permission+0x1e4/0x8c0 inode_permission+0x356/0x6c0 link_path_walk+0x958/0x1330 path_lookupat+0xce/0x6b0 filename_lookup+0x23e/0x770 vfs_statx+0xe7/0x970 vfs_fstatat+0x1f2/0x2c0 __se_sys_newfstatat+0x67/0x880 __x64_sys_newfstatat+0xbd/0x120 x64_sys_call+0x1826/0x3cf0 do_syscall_64+0xd0/0x1b0 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The KMSAN warning is triggered in decode_getfattr_attrs(), when calling decode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not initialized.

Fix the issue by initializing fattr->mdsthreshold to NULL in nfs_fattr_init().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T18:15:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Fix KMSAN warning in decode_getfattr_attrs()\n\nFix the following KMSAN warning:\n\nCPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G    B\nTainted: [B]=BAD_PAGE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n=====================================================\n=====================================================\nBUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_attrs+0x2d6d/0x2f90\n decode_getfattr_generic+0x806/0xb00\n nfs4_xdr_dec_getattr+0x1de/0x240\n rpcauth_unwrap_resp_decode+0xab/0x100\n rpcauth_unwrap_resp+0x95/0xc0\n call_decode+0x4ff/0xb50\n __rpc_execute+0x57b/0x19d0\n rpc_execute+0x368/0x5e0\n rpc_run_task+0xcfe/0xee0\n nfs4_proc_getattr+0x5b5/0x990\n __nfs_revalidate_inode+0x477/0xd00\n nfs_access_get_cached+0x1021/0x1cc0\n nfs_do_access+0x9f/0xae0\n nfs_permission+0x1e4/0x8c0\n inode_permission+0x356/0x6c0\n link_path_walk+0x958/0x1330\n path_lookupat+0xce/0x6b0\n filename_lookup+0x23e/0x770\n vfs_statx+0xe7/0x970\n vfs_fstatat+0x1f2/0x2c0\n __se_sys_newfstatat+0x67/0x880\n __x64_sys_newfstatat+0xbd/0x120\n x64_sys_call+0x1826/0x3cf0\n do_syscall_64+0xd0/0x1b0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe KMSAN warning is triggered in decode_getfattr_attrs(), when calling\ndecode_attr_mdsthreshold(). It appears that fattr-\u003emdsthreshold is not\ninitialized.\n\nFix the issue by initializing fattr-\u003emdsthreshold to NULL in\nnfs_fattr_init().",
  "id": "GHSA-fc6c-wh46-2q9r",
  "modified": "2025-11-04T00:32:05Z",
  "published": "2024-11-19T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53066"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCJF-98WX-3V8X

Vulnerability from github – Published: 2024-08-17 09:30 – Updated: 2026-05-12 12:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sysctl: always initialize i_uid/i_gid

Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them.

Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42312"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T09:15:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: always initialize i_uid/i_gid\n\nAlways initialize i_uid/i_gid inside the sysfs core so set_ownership()\ncan safely skip setting them.\n\nCommit 5ec27ec735ba (\"fs/proc/proc_sysctl.c: fix the default values of\ni_uid/i_gid on /proc/sys inodes.\") added defaults for i_uid/i_gid when\nset_ownership() was not implemented. It also missed adjusting\nnet_ctl_set_ownership() to use the same default values in case the\ncomputation of a better value failed.",
  "id": "GHSA-fcjf-98wx-3v8x",
  "modified": "2026-05-12T12:32:04Z",
  "published": "2024-08-17T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42312"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34a86adea1f2b3c3f9d864c8cce09dca644601ab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2591c89a6e2858796111138c38fcb6851aa1955"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCMX-WVW9-587F

Vulnerability from github – Published: 2025-03-27 15:31 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ipvlan: ensure network headers are in skb linear part

syzbot found that ipvlan_process_v6_outbound() was assuming the IPv6 network header isis present in skb->head [1]

Add the needed pskb_network_may_pull() calls for both IPv4 and IPv6 handlers.

[1] BUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47 ipv6_addr_type include/net/ipv6.h:555 [inline] ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline] ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651 ip6_route_output include/net/ip6_route.h:93 [inline] ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476 ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline] ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671 ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223 __netdev_start_xmit include/linux/netdevice.h:5150 [inline] netdev_start_xmit include/linux/netdevice.h:5159 [inline] xmit_one net/core/dev.c:3735 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751 sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343 qdisc_restart net/sched/sch_generic.c:408 [inline] __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416 qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127 net_tx_action+0x78b/0x940 net/core/dev.c:5484 handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561 __do_softirq+0x14/0x1a kernel/softirq.c:595 do_softirq+0x9a/0x100 kernel/softirq.c:462 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611 dev_queue_xmit include/linux/netdevice.h:3311 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3132 [inline] packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164 sock_sendmsg_nosec net/socket.c:718 [inline]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21891"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-27T15:15:57Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n  __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n  ipv6_addr_type include/net/ipv6.h:555 [inline]\n  ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n  ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n  ip6_route_output include/net/ip6_route.h:93 [inline]\n  ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n  ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n  ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n  ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n  ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n  ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n  __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n  xmit_one net/core/dev.c:3735 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n  sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n  qdisc_restart net/sched/sch_generic.c:408 [inline]\n  __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n  qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n  net_tx_action+0x78b/0x940 net/core/dev.c:5484\n  handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n  __do_softirq+0x14/0x1a kernel/softirq.c:595\n  do_softirq+0x9a/0x100 kernel/softirq.c:462\n  __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n  local_bh_enable include/linux/bottom_half.h:33 [inline]\n  rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n  __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n  dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3132 [inline]\n  packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n  sock_sendmsg_nosec net/socket.c:718 [inline]",
  "id": "GHSA-fcmx-wvw9-587f",
  "modified": "2025-11-03T21:33:13Z",
  "published": "2025-03-27T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21891"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27843ce6ba3d3122b65066550fe33fb8839f8aef"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ec48f812804f370f622e0874e6dd8fcc58241cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5353fd89663c48f56bdff975c562cfe78b1a2e4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5b8dea8d1612dc7151d2457d7d2e6a69820309bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e2a4f76a2d8a44816ecd25bcbdb47b786d621974"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FCRC-8J6J-JR4G

Vulnerability from github – Published: 2025-08-22 18:31 – Updated: 2026-01-07 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: reject TDLS operations when station is not associated

syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup.

This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid.

Reject the operation early if not in station mode or not associated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-22T16:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
  "id": "GHSA-fcrc-8j6j-jr4g",
  "modified": "2026-01-07T18:30:21Z",
  "published": "2025-08-22T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38644"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0c84204cf0bbe89e454a5caccc6a908bc7db1542"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16ecdab5446f15a61ec88eb0d23d25d009821db0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/31af06b574394530f68a4310c45ecbe2f68853c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/378ae9ccaea3f445838a087962a067b5cb2e8577"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FF2R-XPWQ-6WHJ

Vulnerability from github – Published: 2022-01-06 22:12 – Updated: 2023-06-13 17:10
VLAI
Summary
Use of Uninitialized Resource in gfx-auxil
Details

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.

Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "gfx-auxil"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-45689"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-06T16:10:35Z",
    "nvd_published_at": "2021-12-27T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.\n\nArbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.",
  "id": "GHSA-ff2r-xpwq-6whj",
  "modified": "2023-06-13T17:10:49Z",
  "published": "2022-01-06T22:12:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45689"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gfx-rs/gfx/issues/3567"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gfx-rs/gfx"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/gfx-auxil/RUSTSEC-2021-0091.md"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0091.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Uninitialized Resource in gfx-auxil"
}

GHSA-FHRM-6XXC-QC49

Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2025-12-16 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions.

Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl_cmd() fails and the 'state.state' and the 'state.bytes' are uninitialized.

Improve the error message to report more detailed error information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T18:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()\n\nThe function brcmf_usb_dl_writeimage() calls the function\nbrcmf_usb_dl_cmd() but dose not check its return value. The\n\u0027state.state\u0027 and the \u0027state.bytes\u0027 are uninitialized if the\nfunction brcmf_usb_dl_cmd() fails. It is dangerous to use\nuninitialized variables in the conditions.\n\nAdd error handling for brcmf_usb_dl_cmd() to jump to error\nhandling path if the brcmf_usb_dl_cmd() fails and the\n\u0027state.state\u0027 and the \u0027state.bytes\u0027 are uninitialized.\n\nImprove the error message to report more detailed error\ninformation.",
  "id": "GHSA-fhrm-6xxc-qc49",
  "modified": "2025-12-16T21:30:49Z",
  "published": "2025-05-20T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37990"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/08424a0922fb9e32a19b09d852ee87fb6c497538"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/508be7c001437bacad7b9a43f08a723887bcd1ea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/524b70441baba453b193c418e3142bd31059cc1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/62a4f2955d9a1745bdb410bf83fb16666d8865d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e089e7b585d95122c8122d732d1d5ef8f879396"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/972bf75e53f778c78039c5d139dd47443a6d66a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdb435ef9815b1ae28eefffa01c6959d0fcf1fa7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa9b9f02212574ee1867fbefb0a675362a71b31d"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHVC-GP6C-H2WX

Vulnerability from github – Published: 2021-08-25 20:52 – Updated: 2023-06-13 20:33
VLAI
Summary
Read on uninitialized buffer in postscript
Details

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.

Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.

This flaw was fixed in commit 8026286 by zero-initializing the buffer before handing to a user-provided Read.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "postscript"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-26953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:35:31Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.\n\nArbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.\n\nThis flaw was fixed in commit `8026286` by zero-initializing the buffer before handing to a user-provided Read.",
  "id": "GHSA-fhvc-gp6c-h2wx",
  "modified": "2023-06-13T20:33:52Z",
  "published": "2021-08-25T20:52:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26953"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bodoni/postscript/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bodoni/postscript/commit/8026286"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bodoni/postscript"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Read on uninitialized buffer in postscript"
}

GHSA-FJ37-M473-29P7

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14
VLAI
Details

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-02T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.",
  "id": "GHSA-fj37-m473-29p7",
  "modified": "2022-05-13T01:14:23Z",
  "published": "2022-05-13T01:14:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5105"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339583"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/25/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/26/7"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3047-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3047-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FJ73-9FR6-G7MW

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-28 09:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

sctp: fix uninit-value in __sctp_rcv_asconf_lookup()

__sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af->from_addr_param(), which reads the full address (16 bytes for IPv6) trusting the parameter's declared length.

An unauthenticated peer can send a truncated trailing ASCONF chunk that declares an IPv6 address parameter but stops after the 4-byte parameter header; reached from the no-association lookup path, from_addr_param() then reads uninitialized bytes past the parameter.

Impact: an unauthenticated SCTP peer makes the receive path read up to 16 bytes of uninitialized memory past a truncated ASCONF address parameter.

The sibling __sctp_rcv_init_lookup() bounds parameters with sctp_walk_params(); this path open-codes the fetch and omits the bound. Verify the whole address parameter lies within the chunk before from_addr_param() reads it, the same class of fix as commit 51e5ad549c43 ("net: sctp: fix KMSAN uninit-value in sctp_inq_pop").

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:40Z",
    "severity": "CRITICAL"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: fix uninit-value in __sctp_rcv_asconf_lookup()\n\n__sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF\nchunk can hold the ADDIP header and a parameter header, then calls\naf-\u003efrom_addr_param(), which reads the full address (16 bytes for IPv6)\ntrusting the parameter\u0027s declared length.\n\nAn unauthenticated peer can send a truncated trailing ASCONF chunk that\ndeclares an IPv6 address parameter but stops after the 4-byte parameter\nheader; reached from the no-association lookup path, from_addr_param() then\nreads uninitialized bytes past the parameter.\n\nImpact: an unauthenticated SCTP peer makes the receive path read up to 16\nbytes of uninitialized memory past a truncated ASCONF address parameter.\n\nThe sibling __sctp_rcv_init_lookup() bounds parameters with\nsctp_walk_params(); this path open-codes the fetch and omits the bound.\nVerify the whole address parameter lies within the chunk before\nfrom_addr_param() reads it, the same class of fix as commit 51e5ad549c43\n(\"net: sctp: fix KMSAN uninit-value in sctp_inq_pop\").",
  "id": "GHSA-fj73-9fr6-g7mw",
  "modified": "2026-06-28T09:31:45Z",
  "published": "2026-06-25T09:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53225"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/446e0ecd845abc394b24ae2030a883572bec9d16"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ce96f1182644079249a24ac7e2ffc32e0301a46"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8e86817b8af4d552f3c6fe04ca52bb0c8c57411d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/928dd94db23e8ba340f83d68f7f24d831b7a4426"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d6bd0bb7697ea8c0387b0d9d973453f479017b23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d796cfd06074b579d265b28401306cadd30db945"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f76a8b323e28e0951f979dbef20a7496383c47df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f8373d7090b745728de66308deeecc67e8d319ce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.